Vector-Robot
Security checks across malware telemetry and agentic risk
Overview
The skill controls the robot as advertised, but a helper script can be tricked into running local commands and the optional voice proxy accepts messages without checking who sent them.
Review or patch the helper scripts before use, especially vector-say.sh. If using the voice proxy, bind it to localhost, add real API-key validation, and understand that voice requests and responses may be written to local files/logs. Only install the LaunchAgent if you want the proxy to run continuously, and supervise physical movement because cliff sensors are disabled during behavior control.
VirusTotal
55/55 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously or accidentally crafted phrase passed to the speech helper could run local commands as the current user.
The user-controlled speech text is inserted into Python source code instead of being passed as a safely quoted argument, so crafted text containing Python quote/control characters could change the executed Python code.
TEXT="${1:-Hello}"
ENCODED=$(python3 -c "import urllib.parse; print(urllib.parse.quote('''$TEXT'''))")
Do not pass untrusted text to this helper until it is changed to pass text through argv or stdin, for example using python3 -c '...' -- "$TEXT" and reading sys.argv.
Other local processes, and potentially other machines on the network depending on binding/firewall behavior, could inject prompts into the proxy or receive responses intended for the wire-pod/OpenClaw bridge.
The proxy accepts OpenAI-compatible chat requests, advertises Authorization as an allowed header, writes the raw request to a file, and starts listening without any visible API-key validation or host restriction.
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
...
if (req.url === '/v1/chat/completions' && req.method === 'POST') {
...
fs.writeFileSync(REQUEST_FILE, JSON.stringify(request, null, 2));
...
server.listen(PORT, () => {
Bind the proxy explicitly to 127.0.0.1, validate the configured API key or another secret, and restrict access with firewall rules before enabling voice integration.
Voice questions and answers may remain in local files or logs where other local users/processes with access to the skill directory could read them.
Incoming voice/chat content and raw request payloads are written to request.json and printed to logs, which is expected for this bridge but can preserve sensitive spoken content locally.
console.log(`[${new Date().toISOString()}] Question: "${question}" (stream: ${isStreaming})`);
const request = { timestamp: Date.now(), question, raw: data };
fs.writeFileSync(REQUEST_FILE, JSON.stringify(request, null, 2));
...
console.log(`[${new Date().toISOString()}] Response: "${response}"`);
Treat request.json, response.json, and proxy logs as potentially sensitive; store them in a protected directory and rotate or delete logs when no longer needed.
If installed, the proxy will continue running after login/boot until the LaunchAgent is unloaded or removed.
The optional installer creates a user LaunchAgent that starts the proxy automatically and keeps it alive. This is disclosed and user-directed, but it is persistent behavior.
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
...
launchctl load "$PLIST_PATH"
Install the LaunchAgent only if you want always-on voice integration, and document how to unload and remove it.
The robot could drive off a surface or into objects if movement commands are used carelessly.
The skill gives commands for physical robot movement while behavior control disables cliff sensors. This is central to the stated purpose and is warned about, but it is still a physical safety-relevant capability.
**⚠️ SAFETY: Cliff sensors are DISABLED during behavior control. Be careful with wheel movements!**
...
curl -s -X POST "$WIREPOD/api-sdk/move_wheels?lw=100&rw=100&serial=$SERIAL"
Use wheel movement only in a safe area, supervise the robot, and prefer explicit user confirmation for movement commands.
